(57) ABSTRACT 

A method and apparatus to allow a key manager node in a 
network to initiate the process of changing a group key for 
all nodes in a multicasting group. In the described 
embodiment, the key manager node initiates changing the 
group key by setting an indicator in a multicast packet. The 
indicator indicates that each of the nodes in the multicast 
group should obtain a new group key from the key manager 
node. The key manager node sets the indicator whenever the 
key manager node determines that the nodes in the group 
need to change their key. The nodes in the multicast group 
then obtain a key from the key manager node. In one 
embodiment of the present invention, the key manager node 
sends the group key to the members of the group and, once 
all nodes in the group have received their key, sends an 
indicator that the group members should start using the new 
keys. In another embodiment, the key manager node sends 
the new key to the group, along with instructions specifying 
when the new key is to take effect. For example, the new key 
can take effect at a certain time or when a certain packet 
number is received. In another embodiment, each receiver in 
the group uses both the new key and the old key for a 
predetermined time period or until all group members have 
received the key. 

46 Claims, 13 Drawing Sheets 
METHOD AND APPARATUS FOR 
MULTICAST INDICATION OF GROUP KEY 
CHANGE 

BACKGROUND OF THE INVENTION 

The present invention relates generally to networking and, 
specifically, to a method and apparatus allowing a key 
manager node in a network to initiate a process of changing 
a group key for multiple members of a group in the network. 

Internet Protocol (IP) multicasting is useful for dissemi- 
nating data to a large group of receivers in a network. 
Multicasting of data is a form of network communication in 
which a transmitting node (a "sender") sends the data via a 
single message to multiple destinations at once. The multiple 
destinations are the recipients ("receivers") of the message. 
Other methods of network communication include 
broadcast, in which a sender transmits to all possible 
recipients, and unicast, in which the sender transmits only to 
one specific recipient. Multicast is described in more detail 
in T. A. Maufer, Deploying IP Multicast in the Enterprise, 
Prentice Hall PTR, 1998, which is herein incorporated by 
reference in its entirety to the extent that it does not conflict 
with the invention as described herein. A multicast sender 
may send a message to a selected group of receivers in a 
multicast group. A multicast group includes at least one 
sender that transmits data to nodes on a particular multicast 
address. A multicast group also includes one or more receiv- 
ers. A receiver is a node that listens on a particular address 
in the network. Receivers become members of the group 
because they are interested in receiving messages. A node 
may be both a sender and a receiver of data to and from other 
nodes. 

In certain conventional multicast systems, a sender dis- 
tributes a group key to all nodes in the multicast group. Each 
member in the multicast group receives the same group key. 
This group key may be used by the one or more senders to 
encrypt data and by the receivers to decrypt the data sent to 
the group or to decrypt other, individual keys sent to the 
group members. When a member leaves a group or is no 
longer trusted, it is necessary to change the group key so that 
the former member will not be able to decrypt information 
encrypted with the group key. It is also wise for the sender 
to change the group key periodically in case the key has been 
compromised. It is also wise to change the group key if 
enough time has passed since the group key was last 
distributed that the group key could be compromised. 

Some conventional multicasting systems, such as the 
"Enclave" system developed by Li Gong (as described in L. 
Gong, "Enclaves: Enabling Secure Collaboration over the 
Internet". IEEE Journal on Selected Areas in 
Communications, 15(3):567-575, April 1997) allow the 
sender to distribute a new key (encrypted separately for each 
member) directly via multicasting. Unfortunately, this 
method does not scale to large numbers of members, since 
the amount of data multicast to all members grows as the 
number of members grows. 

As another example, the SKIP (Simple Key Management 
for Internet Protocols) protocol distributes keys that are 
deemed valid for a certain predetermined time period and 
updates these keys by a unicast. This distribution method 
causes a problem when a member leaves the group, since the 
member still has access to the group key until that group key 
expires. SKIP does not allow for quick key change when a 
member leaves the group or is suspected to be compromised. 

SUMMARY OF THE INVENTION 

Described embodiments of the present invention allow a 
key manager node in a network to initiate the process of 
changing a group key for all nodes in a multicasting group. 
A "key manager" is the network entity in charge of key 
distribution and management. In the described embodiment, 
the key manager node initiates changing the group key by 
setting an indicator (called a "key change indicator") in a 
multicast packet. The key change indicator indicates that 
each of the nodes in the multicast group should obtain the 
new group key. The key manager sets the indicator whenever 
the key manager determines that the nodes in the group 
need to change their key. The members in the multicast 
group then obtain the new group key from the key manager 
via an appropriate key distribution process. 

Various embodiments use one of several methods 
described herein to perform key distribution. In certain 
embodiments, the group members individually request a 
new group key. In other embodiments, the key manager 
transmits the key to the group members using another 
appropriate mechanism. In one embodiment of the present 
invention, the key manager distributes the group key to the 
members of the group in response to a request from each 
member. Once all group members have received the new 
group key (or a timeout has occurred), the key manager 
sends an indicator that the group members should start using 
the new group key. In another embodiment, the key manager 
sends the new group key to the group members, along with 
instructions specifying when the new key is to take effect. 
For example, the new key can take effect at a certain time or 
for all received packets having a packet number higher than 
a certain packet number. In another embodiment, each 
receiver in the group uses both the new group key and the 
old group key for a predetermined time period or until all 
group members have received the key, while each sender in 
the group receives an indication from the key manager that 
it should switch to the new group key. In still other 
embodiments, the key manager unicasts or multicasts the 
new group key to the group members without receiving a 
request. 

Various embodiments implement the key change indicator 
in different ways. As discussed above, the key change 
indicator can be a flag formed of one or more bits in a packet. 
The key change indicator can also be an indicator in the data, 
such as a control character. The key change indicator can 
also be a separate type of packet or message. Similarly, the 
indicator that the group should start using the new key, 
which is used in certain embodiments, can also be a flag, a 
control character, a type of packet or message, or any other 
appropriate type of indicator. 

The group key used in the described embodiments of the 
present invention is a shared secret key, as is known to 
persons of ordinary skill in the art. An example of such a 
shared secret key encryption method is the DES encryption 
method. 

In accordance with the purpose of the invention, as 
embodied and broadly described herein, the invention 
relates to at least a method of changing a group key, 
comprising the steps performed by a node including a key 
manager function in a system for processing data, of: 
sending an indicator to each member of a group that it is time 
to change the group key; and distributing a new group key 
to at least one member of the group. 

In further accordance with the purpose of the invention, as 
embodied and broadly described herein, the invention 
relates to a method of changing a group key, comprising the 
steps performed by a system for processing data, of: 
sending, by a key manager node, an indicator to each 
member of a group that it is time to change the group key; 
and distributing, by the key manager node, a new group key 
to at least one member of the group. 

In further accordance with the purpose of the invention, as 
embodied and broadly described herein, the invention 
relates to a method of changing a group key, comprising the 
steps performed by a member of a group in a system for 
processing data, of: receiving, by the member of the group, 
an indicator that it is time to change the group key; sending, 
by the member of the group, in response to the indicator, a 
request for a new group key; and receiving, after the sending 
step, the new group key. 

Advantages of the invention will be set forth in part in the 
description which follows and in part will be obvious from 
the description or may be learned by practice of the inven- 
tion. The objects and advantages of the invention will be 
realized and attained by means of the elements and combi- 
nations particularly pointed out in the appended claims and 
equivalents. 

BRIEF DESCRIPTION OF THE DRAWINGS 

The accompanying drawings, which are incorporated in 
and constitute a part of this specification, illustrate several 
embodiments of the invention and, together with the 
description, serve to explain the principles of the invention. 

FIG. 1(a) is a block diagram of sending packets by a 
sender in a conventional multicast network. 

FIG. 1(b) is a block diagram of a multicast network 
wherein a key manager node sends a key change indicator in 
accordance with an embodiment of the present invention. 

FIG. 1(c) is a block diagram of a multicast network 
wherein a key manager node sends a key change indicator in 
accordance with an embodiment of the present invention. 

FIG. 2(a) is a diagram of a key manager data processing 
system in accordance with an embodiment of the present 
invention. 

FIG. 2(b) is a diagram of a group member data processing 
system in accordance with an embodiment of the present 
invention. 

FIG. 3 is a flow chart showing steps performed by a first 
embodiment of the present invention to disseminate a group 
key. 

FIG. 4 is a flow chart showing steps performed by a 
second embodiment of the present invention to disseminate 
a group key. 

FIG. 5 is a flow chart showing steps performed by a third 
embodiment of the present invention to disseminate a group 
key. 

FIG. 6 is a flow chart showing steps performed by a fourth 
embodiment of the present invention to disseminate a group 
key. 

FIG. 7 is a flow chart showing steps performed by a fifth 
embodiment of the present invention to disseminate a group 
key. 

FIG. 8 is a flow chart showing steps performed by a sixth 
embodiment of the present invention to disseminate a group 
key. 

FIG. 9 is a diagram showing an example of a packet 
format including a key change indicator. 

FIGS. 10(a)-10(c) are diagrams showing various 
examples of a packet used to send the new group key to a 
member of the group. 

FIG. 11 is a diagram showing an example of a packet 
format including an indicator that the group key should 
begin to be used by group members. 




DETAILED DESCRIPTION OF PREFERRED 
EMBODIMENTS 

Reference will now be made in detail to several embodi- 
ments of the present invention, examples of which are 
illustrated in the accompanying drawings. Wherever 
practicable, the same reference numbers will be used 
throughout the drawings to refer to the same or like parts. 

I. General Discussion 

FIG. 1(a) is a block diagram showing a sender multicast- 
ing packets in a multicast network. FIG. 1(a) shows a 
general diagram of how data is sent from a sender node 104 
to the nodes in its multicast group. The nodes in the 
multicast group of FIG. 1(a) include nodes 105, 106, 108, 
110, and 112. As shown, the nodes to which the sender sends 
data can be other senders and receivers. In general, sender 
104 sends a multicast packet as indicated by line 116. The 
sender encrypts using the group key. The nodes decrypt 
using the group key. Any of sender nodes 104, 105, 110 can 
send data in the manner shown in FIG. 1(a). The nodes of 
FIG. 1(a) may be connected by any type of appropriate 
communication medium, such as an Ethernet, the Internet, 
wireless communications, cellular communications, etc. 

FIG. 1(b) is a block diagram of an embodiment of a 
network in accordance with the present invention wherein 
key manager node 102 sends a key change indicator to the 
nodes of the multicast group in accordance with an embodi- 
ment of the present invention. A key manager 102 is the 
network entity in charge of key distribution. As shown in the 
Figure, key manager 102 multicasts a key change indicator 
to each node in the multicast group. This multicast is herein 
referred to as "key change indication." Each member of the 
multicast group unicasts back a request for the new group 
key. Although not shown in FIG. 1(b), key manager 102 then 
sends the new group key to the group members using any of 
several methods, examples of which are shown in FIGS. 3-8 
below. This is herein referred to as "key distribution." 

FIG. 1(c) is a block diagram of another embodiment of a 
network in accordance with the present invention wherein 
key manager node 102 sends a key change indicator to the 
nodes of the multicast group in accordance with an embodi- 
ment of the present invention. This multicast is herein 
referred to as "key change indication." In this embodiment, 
the key manager further distributes the group key to the 
group using an appropriate multicast key distribution 
mechanism (key change). 

As shown in FIGS. 1(b) and 1(c), the multicast group to 
which key manager 102 sends a key change indicator can 
include both senders and receivers. In some embodiments, 
key manager 102 is a separate node. In other embodiments, 
any node capable of sending (such as sender 104) can also 
act as the key manager. Still other embodiments can include 
more than one key manager. Having more than one key 
manager provides fault tolerance and robustness in the 
system, since it allows a key manager to fail without shutting 
down the key distribution mechanism. If there is more than 
one key manager 102, the key managers need to communi- 
cate with each other to prevent more than one key manager 
from trying to change the group key at a given time. 

The group key used in the described embodiments of the 
present invention is a shared secret key, as is known to 
persons of ordinary skill in the art. An example of such a 
shared secret key encryption method is the DES encryption 
method. The shared secret key method can also be used to 
distribute other kinds of keys to a group. 

FIG. 2(a) is a diagram of a key manager data processing 
system in accordance with an embodiment of the present 
invention. It will be understood that the term "data processing system" covers any type of system that processes data, such as a cellular telephone, a handheld processing unit, a network computer, a personal digital assistant, an internet appliance, etc. Key manager 102 includes processor 202 and storage area (such as a memory) 204. Storage area 204 includes at least key manager software 210 to accomplish multicasting and/or unicasting. Key manager software 210 can also send and receive unicast transmissions to and from the nodes in its group. Storage area 204 in key manager 102 further includes at least one group key 212 and data 214, such as a number of requests for the new group key currently received by the key manager. 

FIG. 2(b) is a diagram of a group member node data processing system 106 in accordance with an embodiment of the present invention. In the following discussion, the term "group member" applies to a node that receives a key change indicator from the key manager 102. Some of the "group members" can also be senders of data themselves under other circumstances, while other group members are only receivers of data from the senders. Group member 106 is shown as including processor 252 and storage area (such as a memory) 254. Storage area 254 in group member 106 includes at least receiving/sending software 260. Receiving/sending software 260 can receive multicast and unicast transmissions from the key manager and can also send unicast transmissions to key manager 102. Storage area 254 in group member 106 further includes at least one new group key 262 and at least one old group key 264. In certain embodiments, storage area 254 includes a set of previously distributed group keys. 

Although, in FIGS. 2(a) and 2(b), each of key manager 102 and group member 106 is shown in a separate data processing system/network element, it should be understood that one or more of elements 102 and 106 (and/or one or more of the other group members) also can be resident on the same data processing system/network element. Furthermore, the functionality of elements 102 and 106 can be distributed between additional data processing systems, nodes, or network elements (not shown) without departing from the spirit and scope of the present invention. 

Each key manager 102 and group member 106 preferably includes a respective input device 220, 270 such as a keyboard, a touchpad, or a mouse that receives input from a user or other appropriate source. Each key manager 102 and group member 106 also preferably includes a respective output device 222, 272 such as a display screen, a printer, etc. that outputs information to the user or other appropriate destination. In addition, each key manager 102 and each group member 106 preferably includes a respective computer readable medium input device 224, 274, which is capable of reading a computer readable medium 226, 276. 

A person of ordinary skill in the art will understand that the systems of FIGS. 2(a) and 2(b) may also contain additional information, such as input/output lines; input devices, such as a keyboard, a mouse, and a voice input device; and additional display devices. The systems of FIGS. 2(a) and 2(b) may also include application programs, operating systems, data, etc., which are not shown in the figure for the sake of clarity. It also will be understood that the systems of FIGS. 2(a) and 2(b) can also include numerous elements not shown, such as disk drives, keyboards, display devices, network connections, additional memory, additional CPUs, additional processors, LANs, input/output lines, etc. 

In the following discussion, it will be understood that the steps of methods and flow charts discussed preferably are performed by processor 202, 252 (or other appropriate processors) executing instructions stored in respective storage areas 204, 254 (or other appropriate storage areas). Specifically, the steps described herein are performed by one of key manager software 210 and receiving/sending software 260 in, respectively, key manager 102 and group member 106. It will also be understood that the invention is not limited to any particular implementation or programming technique and that the invention may be implemented using any appropriate techniques for implementing the functionality described herein. The invention is not limited to any particular programming language, operating system, or network protocol. 

Some or all of the instructions and data structures in storage areas 204, 254 may be read into memory from computer-readable media 226, 276. Execution of sequences of instructions contained in the storage areas causes processor 202, 252 to perform the steps described herein. In alternative embodiments, hard-wired circuitry may be used in place of or in combination with software instructions to implement the invention. Thus, preferred embodiments of the invention are not limited to any specific combination of hardware circuitry and software. 

The term "computer-readable medium" as used herein refers to any medium that participates in providing instructions to a processor for execution. Such a medium may take many forms, including but not limited to, non-volatile media, volatile media, and transmission media. Non-volatile media includes, for example, optical or magnetic disks, such as a storage device. Volatile media includes dynamic memory. Transmission media include coaxial cables, copper wire and fiber optics, including the wires that comprise a bus within a computer. Transmission media can also take the form of acoustic or light waves, such as those generated during radio-wave and infra-red data communications, or electrical signals transmitted over a computer network. 

Common forms of computer-readable media include, for example, a floppy disk, a flexible disk, a hard disk, magnetic tape, any other magnetic medium, a CD-ROM, any other optical medium, punchcards, papertapes, any other physical medium with patterns of holes, a RAM, a PROM, an EPROM, a FLASH-EPROM, any other memory chip or cartridge, a carrier wave as described hereafter, or any other medium from which a computer can read. 

Various forms of computer readable media may be involved in carrying one or more sequences of one or more instructions to a processor for execution. For example, the instructions of key manager software 210 or group member 106 may initially be carried on a magnetic disk or a tape. The instructions are loaded into storage area 204, 254. Alternately, instructions can be sent over a telephone line using a modem. A modem local to the computer system can receive the data on the telephone line and use an infra-red transmitter to convert the data to an infra-red signal. An infra-red detector coupled to a bus can receive the data carried in the infra-red signal and place the data on the bus. The bus carries data to main memory, from which a processor retrieves and executes the instructions. The instructions received by main memory may optionally be stored on a storage device either before or after execution by a processor. The connection between key manager 102 and group member 106 is generally designated 211, 261 and can be any appropriate connection. 

The following paragraphs describe several ways of disseminating the group key to a multicast group. Both the senders and receivers of the multicast group need the group 
key in order to encrypt data to be sent (by a sender) and to decrypt data received (by a receiver). 

II. Key Management 

FIGS. 3-8 show several embodiments of a key change indication step, in which the key manager indicates that the group key is going to be changed, and a key change step in which the new group key is distributed (or begun to be used, if it was previously distributed). It will be understood that the following embodiments are described for the purpose of example only and are not intended to limit the present invention. 

FIG. 3 is a flow chart 300 showing steps performed by a first embodiment of the present invention to disseminate a group key. Steps performed by key manager 102 are shown on the left of the figure. Steps performed by a member in a multicast group, e.g., group member 106, are shown on the right of the figure. In step 302, key manager 102 determines whether there is a need to change the group key. A need to change the group key may arise, for example, if one of the members has dropped out of the group and is no longer qualified to send or receive multicast data. As another example, key manager 102 may change the group key at regular predetermined intervals. 

If there is a need to change the group key, key manager 102 sets the key change indicator in step 304. This key change indicator can be, for example, one or more bits in the multicast packet. An example of such bit or bits is shown in FIG. 9, which shows a key change indicator 904 in the flags field 902 of a multicast packet. Key change indicator 904 can be a flag in a packet. The key change indicator can also be an indicator in the data such as a control character. The key change indicator can also be a separate type of packet or message. For example, key manager 102 can send a type of packet that is only sent when it is time to change the group key. In step 304, key manager 102 sends the new group key available indicator in an outgoing, signed packet using multicast transmission. This packet is preferably signed by key manager 102. Having key manager 102 sign the packet using public key encryption or other appropriate technique prevents unauthorized nodes from trying to change the group key. 

In step 306, group member 106 receives the packet and verifies the signature to ensure that the packet was signed by a legitimate key manager. If, in step 308, group member 106 determines that there is a key change indicator in the packet (or that the key change has been indicated in some other way), group member 106 preferably unicasts a signed request for the new group key to the key manager 102 (as shown in FIG. 1(b)). Requiring the group member to sign its request ensures that the key manager will be able to tell whether the request comes from a legitimate group member. Note that each group member sends a separate request for the new group key. 

In step 312, key manager 102 receives the request for a new group key and verifies the signature. In step 314, key manager 102 preferably unicasts the new group key to the requesting group member via any appropriate key distribution mechanism. In step 316, group member 106 receives the new group key and holds the new group key in its storage area. It will be understood that the key distribution mechanism can encrypt the group key when it is sent between the key manager and group member if such encryption is appropriate. Examples of a packet including a group key are shown in FIGS. 10(a)-10(b), as discussed below in connection with that Figure. 

In step 318 of FIG. 3, if key manager 102 determines that all members of the multicast group have requested and been sent the new group key (or a timeout has occurred in step 310), key manager 102 multicasts an indicator to the group members to tell them to start using the new group key. This indicator can be signed by the key manager. Requiring that the key manager 102 sign the indicator allows the group members to determine whether the indicator comes from a legitimate key manager. In step 322, group member 106 receives and verifies the indicator to start using the new group key. Group member 106 then starts using the new group key to receive messages from other nodes in the group. If the group member receiving the new group key can send data (e.g., sender 104 of FIG. 1(b)), then the node also starts using the new group key at this time to encrypt data to be sent. The indicator that the group member should start using the new key can be a flag, a control character, a type of packet or message, or any other appropriate type of indicator. 

FIG. 4 is a flow chart 400 showing steps performed by a second embodiment of the present invention to disseminate a group key. Steps 402 through 412 are similar to steps 302 through 312 of FIG. 3 and will not be described in detail. In step 414, key manager 102 preferably unicasts the new group key to the requesting group member via any appropriate key distribution mechanism. The unicast of step 414 includes a time value. This time value represents the time at which the switch to the new group key is to occur. An example of a packet including the key and a time value is shown in FIG. 10(b), as discussed below in connection with that Figure. In step 416, group member 106 receives the new group key and the time value and holds the new group key and the time value in its storage area. It will be understood that the key distribution mechanism encrypts the group key and/or time value when they are sent between the key manager and group member if such encryption is appropriate. 

In the embodiment of FIG. 4, if group member 106 determines in step 418 that the time to change the group key has arrived, group member 106 then starts using the new group key to verify received messages in step 420. If the node receiving the new group key can send data (e.g., sender 104 of FIG. 1(b)), then the node also starts using the new group key at this time to encrypt data to be sent. 

FIG. 5 is a flow chart 500 showing steps performed by a third embodiment of the present invention to disseminate a group key. Steps 502 through 512 are similar to steps 302 through 312 of FIG. 3 and will not be described in detail. In step 514, key manager 102 preferably unicasts the new group key to the requesting receiver via any appropriate key distribution mechanism. The unicast of step 514 also includes a packet number. This packet number is the number of the first packet that will be sent using the new group key. In this embodiment, packets are numbered sequentially by the sender. An example of a packet including a key and a packet number that will start using the new key is shown in FIG. 10(c). 

In step 516, group member 106 receives the new group key and the packet number and holds them in its storage area. It will be understood that the key distribution mechanism can encrypt the group key and/or packet number when they are sent between the key manager and group member if such encryption is appropriate. The number of the first packet that will be sent using the new group key may be determined, for example, based on criteria such as the last packet number sent, the rate at which the packets are expected to be sent, and the amount of time required to distribute the new key. Thus, for example: 

packet# = current packet# + (rate * time * 1.5), 

where 1.5 is a predetermined margin of error. 
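The FIG. 3 exchange described above (signed key change indication, signed unicast requests from each member, unicast key delivery, and the start-using indicator once every member has requested the key or a timeout has occurred), together with the FIG. 5 first-packet-number calculation, as an added example that is not code from the patent. It assumes HMAC-SHA256 under constructed per-node authentication keys in place of the public-key signatures the patent describes, hypothetical message types KEY_CHANGE, KEY_REQUEST, KEY_DELIVERY and START_USING, and constructed member names, packet numbers and rates; the delivered key is not encrypted here, where a deployment would encrypt the unicast.

```python
import hashlib
import hmac
import json
import math
import secrets

# Constructed example. HMAC-SHA256 under per-node authentication keys stands in
# for the signatures the patent calls for; message type names are hypothetical.
KEY_CHANGE = "KEY_CHANGE"      # key change indicator (FIG. 9)
KEY_REQUEST = "KEY_REQUEST"    # member's signed unicast request
KEY_DELIVERY = "KEY_DELIVERY"  # new group key + first packet number (FIG. 10(c))
START_USING = "START_USING"    # start-using indicator (FIG. 11)


def sign(auth_key: bytes, body: dict) -> dict:
    encoded = json.dumps(body, sort_keys=True).encode()
    return {**body, "tag": hmac.new(auth_key, encoded, hashlib.sha256).hexdigest()}


def verify(auth_key: bytes, msg: dict) -> bool:
    body = {k: v for k, v in msg.items() if k != "tag"}
    expected = hmac.new(auth_key, json.dumps(body, sort_keys=True).encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, str(msg.get("tag", "")))


def first_packet_number(current: int, rate: float, dist_time: float, margin: float = 1.5) -> int:
    """packet# = current packet# + (rate * time * margin), rounded up to a whole packet."""
    return current + math.ceil(rate * dist_time * margin)


class KeyManager:
    def __init__(self, auth_key: bytes, member_auth_keys: dict):
        self.auth_key, self.member_auth_keys = auth_key, member_auth_keys
        self.group_key = secrets.token_hex(16)   # group key 212
        self.pending_key, self.switch_packet = None, None
        self.requests_received = set()           # data 214: members that have asked so far

    def indicate_key_change(self, current: int, rate: float, dist_time: float) -> dict:
        # Step 304: generate the next key and multicast a signed key change indicator.
        self.pending_key, self.requests_received = secrets.token_hex(16), set()
        self.switch_packet = first_packet_number(current, rate, dist_time)
        return sign(self.auth_key, {"type": KEY_CHANGE})

    def handle_request(self, request):
        # Step 312: act only on requests signed by a known member.
        if request is None or request.get("type") != KEY_REQUEST:
            return None
        member_key = self.member_auth_keys.get(request.get("member"))
        if member_key is None or not verify(member_key, request):
            return None
        self.requests_received.add(request["member"])
        # Step 314 / 514: unicast the new key and the first packet number to that member.
        return sign(self.auth_key, {"type": KEY_DELIVERY, "member": request["member"],
                                    "new_key": self.pending_key, "first_packet": self.switch_packet})

    def start_indicator(self, timed_out: bool = False):
        # Steps 318-320: only once every member has the key, or a timeout occurred.
        if self.requests_received != set(self.member_auth_keys) and not timed_out:
            return None
        self.group_key, self.pending_key = self.pending_key, None
        return sign(self.auth_key, {"type": START_USING})


class GroupMember:
    def __init__(self, name: str, auth_key: bytes, manager_auth_key: bytes, group_key: str):
        self.name, self.auth_key, self.manager_auth_key = name, auth_key, manager_auth_key
        self.active_key, self.new_key, self.first_packet = group_key, None, None

    def on_multicast(self, packet):
        # Step 306: verify the key manager's signature before acting on any indicator.
        if packet is None or not verify(self.manager_auth_key, packet):
            return None
        if packet.get("type") == KEY_CHANGE:      # steps 308-310: signed unicast request
            return sign(self.auth_key, {"type": KEY_REQUEST, "member": self.name})
        if packet.get("type") == START_USING and self.new_key is not None:
            self.active_key, self.new_key = self.new_key, None   # step 322
        return None

    def on_unicast(self, packet) -> bool:
        # Step 316: hold the delivered key and first packet number in storage area 254.
        if packet is None or not verify(self.manager_auth_key, packet):
            return False
        if packet.get("type") != KEY_DELIVERY or packet.get("member") != self.name:
            return False
        self.new_key, self.first_packet = packet["new_key"], packet["first_packet"]
        return True


def run_rekey() -> dict:
    """End-to-end run over constructed keys; returns what each side ends up with."""
    manager_auth = b"manager-auth-key (constructed)"
    member_auth = {"m1": b"m1-auth (constructed)", "m2": b"m2-auth (constructed)"}
    km = KeyManager(manager_auth, member_auth)
    members = [GroupMember(n, k, manager_auth, km.group_key) for n, k in member_auth.items()]
    old_key = km.group_key
    indicator = km.indicate_key_change(current=1000, rate=50, dist_time=2.0)
    # A request not signed with a known member's key yields no key delivery.
    forged_rejected = km.handle_request(sign(b"unknown", {"type": KEY_REQUEST, "member": "m1"})) is None
    no_early_start = km.start_indicator() is None       # nobody has requested yet
    for m in members:
        m.on_unicast(km.handle_request(m.on_multicast(indicator)))
    start = km.start_indicator()
    for m in members:
        m.on_multicast(start)
    return {"key_changed": km.group_key != old_key,
            "all_switched": all(m.active_key == km.group_key for m in members),
            "first_packet": members[0].first_packet,
            "forged_request_rejected": forged_rejected, "no_early_start": no_early_start}
```

Every indicator and request is verified before it is acted on, so a node without a valid authentication key can neither trigger a key change nor obtain the new key, and the start-using indicator is withheld until every member has requested the key unless the timeout path of step 318 is taken.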
In the embodiment of FIG. 5, in step 518, if group member 106 determines that it has received a packet having the packet number received in step 516 (or a higher packet number), group member 106 then starts using the new group key to verify received messages. Group member 106 may need to save both the new and the old key for some predetermined time, since packets often arrive out of order. If the node receiving the new group key can send data (e.g., sender 104 of FIG. 1(b)), then the node starts using the new group key to encrypt data to be sent when it sends the packet having the received packet number or higher. If there is more than one sender in the group, the key manager needs to coordinate with the senders to make sure that all the senders have received (and will use) the new key and packet number.

FIG. 6 is a flow chart 600 showing steps performed by a fourth embodiment of the present invention to disseminate a group key. Steps 602 through 612 are similar to steps 302 through 312 of FIG. 3 and will not be described in detail. In step 614, key manager 102 preferably unicasts the new group key to the requesting group member via any appropriate key distribution mechanism. In step 616, group member 106 receives the new group key and holds the new group key in its storage area. It will be understood that the key distribution mechanism can encrypt the group key when it is sent between the key manager and group member if such encryption is appropriate.

In the embodiment of FIG. 6, group member 106 uses both the old group key and the new group key for a predetermined time period. In step 618, group member 106 decrypts received data using both keys. Steps 620, 622, and 624 use the data that is correct. For example, all data may have a known value in a known location. Whichever decrypted data contains the known value will be the correct data. In some embodiments, the predetermined time period is determined by the key manager and sent to the group members, either for each key change or at some previous time. In other embodiments, the predetermined time is determined by each group member, and may be the same or different for each member in a group. If the node receiving the new group key can also send data (e.g., sender 104 of FIG. 1(b)), then the node also starts using the new group key at this time to encrypt data to be sent.

FIG. 7 is a flow chart 730 showing steps performed by a fifth embodiment of the present invention to disseminate a group key. Steps 732 through 736 are similar to steps 302 through 306 of FIG. 3 and will not be described in detail. In this embodiment, a set of group keys has been previously distributed to the group members. When a group member receives a key change indicator, the group member starts using the next group key in the set. As shown in FIG. 7, some embodiments may use the new group key and the old group key for a predetermined period of time, as described, for example, above.

FIG. 8 is a flow chart 860 showing steps performed by a sixth embodiment of the present invention to disseminate a group key. Steps 862 through 866 are similar to steps 302 through 306 of FIG. 3 and will not be described in detail. When a group member receives a key change indicator, the group member is alerted to wait for a new group key, which is sent by the key manager. This key can be distributed, for example, via multicasting or unicasting.

FIG. 9 is a diagram showing an example of a packet format including a key change indicator 904, indicating that the group key will be changed. The key change indicator of FIG. 9 is provided by way of example only. Any appropriate indicator can be used as a key change indicator and the key change indicator can be located in any appropriate part of the multicast packet. The key change indicator 904 can be, for example, a flag in a packet. The key change indicator 904 can also be an indicator in the data, such as a control character. The key change indicator 904 can also be a separate type of packet or message.

FIGS. 10(a)-10(c) are diagrams showing examples of a packet sending the new key indicator to a multicast group. FIG. 10(a) shows a packet containing, among other information, a new group key, such as would be sent in step 314 of FIG. 3. FIG. 10(b) shows a packet containing, among other information, a new group key 1012 and a time value 1014 representing a time to start using the new group key, such as would be sent in step 414 of FIG. 4. FIG. 10(c) shows a packet containing, among other information, a new group key 1024 and a first packet number 1026 that will start using the new group key, such as would be sent in step 514 of FIG. 5. A packet having the format of FIG. 10(c) has a packet number 1022 in each packet.

FIG. 11 is a diagram showing an example of a packet format including an indicator 1102 to indicate that the group members can begin to use the new group key. The packet of FIG. 11 would be sent, for example, in step 320 of FIG. 3. Any appropriate indicator can be used. Similarly to the key change indicator 902, the indicator 1102 that the group can/should start using the new group key can also be a flag, a control character, a type of packet or message, or any other appropriate type of indicator.

In summary, the present invention provides a mechanism for a multicast key manager to change a group key used by all members in a group. In one embodiment, each of the group members then requests the new group key. Once the key manager determines that all the group members have the group key, the key manager multicasts an indicator to all group members to start using the new group key to decrypt/encrypt multicasts to the group. In another embodiment, the manager sends a time indicating at what time the new group key will become effective. In another embodiment, the key manager sends the first packet number for which the new group key will become effective. In yet another embodiment, the group members use both the old and new group keys for a predetermined period of time. In another embodiment, the group members already have a set of group keys and change to the next key in the set. In another embodiment, the key manager distributes a new group key without needing to receive requests from the group members.

While the invention has been described in conjunction with specific embodiments, it is evident that many alternatives, modifications and variations will be apparent to those skilled in the art in light of the foregoing description. For example, although the invention is described above in the context of a multicast group, the invention can also be used in any situation where a key manager needs to be able to control when a key is sent to a group of receivers. As another example, the present invention can send different keys to different senders and can then send the keys for each of the senders to all receivers. Accordingly, it is intended to embrace all such alternatives, modifications and variations that fall within the spirit and scope of the appended claims and equivalents.

What is claimed is:

1. A method of changing a group key, comprising the steps performed by a node including a key manager function in a system for processing data, of:
    sending an indicator to each member of a group that it is time to change the group key; and
    distributing, after sending the indicator, a new group key to at least one member of the group.
2. The method of claim 1, wherein the step of sending an indicator includes the step of sending the indicator using multicast to all members of the group.

3. The method of claim 1, further comprising the step of:
    receiving a request for a new group key, in response to the indicator, from at least one member of the group.

4. The method of claim 3, wherein the step of receiving a request includes the step of receiving a unicast request from the at least one member of the group.

5. The method of claim 3, wherein the distributing step includes the step of unicasting a new group key to the requesting at least one member of the group.

6. The method of claim 1, wherein the distributing step includes the steps of:
    determining, after the step of sending the new group key, that all members of the group have received the new group key; and
    sending a second indicator to the members of the group to start using the new group key.

7. The method of claim 1, wherein the distributing step includes the steps of:
    determining, after the step of sending the new group key, that a timeout has occurred, even though not all members of the group have received the new group key; and
    sending a second indicator to the members of the group to start using the new group key.

8. The method of claim 1, wherein the distributing step includes the step of:
    sending the new group key to at least one member of the group, along with a time value.

9. The method of claim 8, further comprising the step of determining, by the at least one member of the group, in accordance with the time value, that it is time to start using the new group key.

10. The method of claim 1, wherein the distributing step includes the step of:
    sending the new group key to at least one member of the group, along with a packet number indicating a first packet that is to use the new group key.

11. The method of claim 10, further comprising the step of determining, by the at least one member of the group, in accordance with the packet number, that it is time to start using the new group key.

12. The method of claim 1, further comprising the step, performed by the at least one group member, of decrypting information received from a sender node using both an old group key and the new group key for a predetermined time period.

13. The method of claim 1, further comprising the step, performed by the at least one group member, of encrypting information using the new group key and sending the encrypted information to another group member.

14. The method of claim 1, wherein the distribution step includes:
    sending, by the key manager, a different group key of a plurality of group keys to respective ones of a plurality of senders in the group, and
    sending, by the key manager, the plurality of group keys to each of a plurality of receivers in the group.

15. The method of claim 1, further comprising the step, performed by the at least one group member, of decrypting information that is received from another group member, using the new group key.

16. The method of claim 1, wherein the distributing step includes the step of sending the group key to at least one group member without receiving a request from the at least one group member.

17. A method of changing a group key, comprising the steps performed by a node including a key manager function in a system for processing data, of:
    distributing a set of group keys to each member of a group;
    sending an indicator to each member of a group that it is time to change the group key; and
    changing, by at least one member of the group, to a next group key in the set of group keys.

18. The method of claim 17, wherein the indicator is multicast to the group members.

19. A method of changing a group key, comprising the steps performed by a system for processing data, of:
    sending, by a key manager node, an indicator to each member of a group that it is time to change the group key; and
    changing, by at least one group member, to a new group key responsive to the indicator.

20. The method of claim 19, further comprising the steps of:
    receiving, by the key manager node, a request from the at least one group member for a new group key; and
    distributing, by the key manager node, in response to the request, a new group key to the requesting members of the group.

21. The method of claim 19, further comprising the step of:
    encrypting and sending, by a first member of the group to a second member of the group, information in accordance with the new group key.

22. The method of claim 19, further comprising the step of decrypting using the new group key, by a first member of the group, information sent by another member of the group.

23. The method of claim 19, further comprising the step of receiving, after the step of sending the indicator, a second indicator indicating that the group members should start using the new group key.

24. The method of claim 19, wherein the step of distributing the new group key includes the step of sending a time value to the at least one member of the group.

25. The method of claim 24, further comprising the step of determining, by the at least one member of the group, in accordance with the time value, that it is time to start using the new group key.

26. The method of claim 19, wherein the step of sending a new group key includes the step of sending a packet number to the at least one member of the group, the packet number indicating a first packet that is to use the new group key.

27. The method of claim 26, further comprising the step of determining, by the at least one member of the group, in accordance with the packet number, that it is time to start using the new group key.

28. The method of claim 19, further comprising the step, performed by the at least one group member, of decrypting information received from a sender node using both an old group key and the new group key for a predetermined time period.

29. A method of changing a group key, comprising the steps performed by a member of a group in a system for processing data, of:
    receiving, by the member of the group, an indicator that it is time to change the group key; and
    receiving, after the first receiving step, the new group key.
30. The method of claim 29, further comprising the step of:
    sending, by the member of the group, in response to the indicator, a request for a new group key.

31. The method of claim 29, wherein the step of receiving an indicator includes the step of receiving the indicator via multicast.

32. The method of claim 30, wherein the step of sending a request includes the step of sending a unicast request by the member of the group.

33. The method of claim 29, wherein the key receiving step includes the step of receiving a new group key by the member of the group, where the new group key is unicast to the member of the group.

34. The method of claim 29, further comprising the step of receiving a second indicator that indicates to start using the new group key.

35. The method of claim 29, wherein the step of receiving a new group key includes the step of receiving a time value at which time the new group key will take effect.

36. The method of claim 35, further comprising the step of determining, by the member of the group, in accordance with the time value, that it is time to start using the new group key.

37. The method of claim 29, wherein the step of receiving a new group key includes the step of receiving a packet number, the packet number indicating a first packet that will use the new group key.

38. The method of claim 37, further comprising the step of determining, by the at least one member of the group, in accordance with the packet number, that it is time to start using the new group key.

39. The method of claim 29, further comprising the step, performed by the member of the group, of decrypting information received from another group member using both an old group key and the new group key for a predetermined time period.

40. The method of claim 29, further comprising the step of:
    encrypting and sending, by the member of the group to at least one receiver in the group, information in accordance with the new group key.

41. The method of claim 29, further comprising the step of decrypting using the new group key, by the member of the group, information sent by another member of the group.

42. The method of claim 29, wherein the step of receiving the new group key includes the step of receiving the new group key without having to make a request for the new group key.

43. An apparatus that changes a group key, comprising:
    a portion configured to send an indicator to each member of a group that it is time to change the group key; and
    a portion configured to send a new group key to at least one member of the group.

44. A computer program product comprising:
    a computer usable medium having computer readable code embodied therein for changing a group key, the computer program product including:
    computer readable program code devices configured to cause a computer to effect sending an indicator to each member of a group that it is time to change the group key; and
    computer readable program code devices configured to cause a computer to effect distributing a new group key to at least one member of the group.

45. A computer data signal embodied in a carrier wave and representing sequences of instructions which, when executed by a processor, cause the processor to change a group key, by performing the steps of:
    sending an indicator to each member of a group that it is time to change the group key; and
    distributing a new group key to at least one member of the group.

46. An apparatus that changes a group key, comprising:
    means for sending an indicator to each member of a group that it is time to change the group key; and
    means for distributing a new group key to at least one member of the group.